fancy bear
A U.S. intelligence expert says the hacking group known as Fancy Bear primarily works for the GRU, Russia's military intelligence agency
Microsoft has warned of a vulnerability in its popular Windows software that is being exploited by a Russian hacking group suspected of attacking U.S. political institutions this year.

The software maker said in an advisory on its website on November 1 that there have been a small number of attacks using "spear phishing" e-mails from a hacking group called Strontium, also known as Fancy Bear or APT 28.

Microsoft's disclosure of the new attacks linked to Russia came after Washington accused Moscow of launching an unprecedented hacking campaign this year aimed at disrupting and discrediting the upcoming U.S. presidential election.

The U.S. government last month formally blamed the Russian government for the election-season hacks of Democratic Party e-mails and their subsequent disclosure on WikiLeaks and other websites. Russia has denied those accusations.

Microsoft said a patch to protect Windows users against the newly discovered threat will be released on November 8 -- election day.

A U.S. intelligence expert on Russian cyberactivity told Reuters that Fancy Bear primarily works for the GRU, Russia's military intelligence agency, which U.S. intelligence officials have concluded was responsible for hacks of Democratic Party databases and e-mails this year.


Comment: US intelligence "experts" seem to revel in spreading accusations without any proof. One has to wonder why the mainstream media never actually researches their claims, because if they did they would realize that, like in this case, there is no evidence that Russia is behind any hacking nor that Fancy Bear works for the GRU. It's just empty claims meant to further incite Russian demonization.


In spear phishing, an attacker sends targeted messages, typically via e-mail, that exploit known information to trick victims into clicking on malicious links or opening tainted attachments.

Microsoft said the attacks exploited a vulnerability in Adobe's Flash software and one in the Windows operating system. Adobe released a patch for that vulnerability on October 31, when security researchers with Google went public with details on the attack.

Microsoft chided rival Google for going public with details of the vulnerabilities before it had time to prepare a patch to fix them.

Google said it disclosed the flaw following its standing policy of going public seven days after discovering "critical vulnerabilities" that are being actively exploited by hackers.

"This vulnerability is particularly serious because we know it is being actively exploited," Neel Mehta and Billy Leonard of the Google threat analysis group said in an online post.

Google said it told Microsoft and Adobe about the vulnerabilities on October 21 and an update to Flash addressing the weakness was released five days later.

Microsoft said people using the Edge browser on fully updated Windows 10 operating systems should be protected from the attack.